Qualys Cloud Platform 10.1 (VM/PC) API notification 2

A new release of Qualys Cloud Platform 10.1 (PC) includes an updated API which is targeted for release in May 2020. The specific day will differ depending on the platform. See platform release dates on the Qualys Status page. This API notification provides an early preview into the coming API, allowing you to identify use cases that can leverage this updated API. Updated 5/5/20 with updated release notes

What’s newOracle Instance Discovery and System Record Creation/api/2.0/fo/auth/oracle/ This release introduces instance discovery and auto record creation for Oracle authentication. This functionality is already available for other technologies like Apache Web Server, IBM WebSphere, JBoss and Tomcat. There are a few notable differences for Oracle though. When we auto discover Oracle instances, we’ll discover the target configuration for each instance but not the login credentials. We’ve introduced a new configuration called “Oracle System Record Template” that you’ll use to provide Oracle login credentials for system created records. You’ll create the system record template and then select it in the option profile used for discovery scans. The template is linked automatically to the system created records created as a result of the scan.

Asset Search Report – Change to Asset Group Value in Output for DNS hosts/api/2.0/fo/report/asset/?action=search Now when you run the Asset Search Report for DNS hosts, you’ll see a comma separated list of asset groups the host belongs to. In previous releases you’d only see the All group listed for DNS hosts. The report output will show the associated groups only if the DNS host is found in the asset group specified in the API request.

/api/2.0/fo/report/ You will now see the list of asset groups associated with each host in the Host-based Scan Report output generated in these formats: CSV, MHT, PDF, HTML, and DOCX. The report in XML format already shows this information.

Remediation Information Available in Policy Import and Export of UDCs/api/2.0/fo/compliance/policy/ You can now import or export remediation information of your UDC policies using an xml file.

More Regions Supported for VM, Compliance and Cloud Perimeter Scans/api/2.0/fo/scan//api/2.0/fo/scan/compliance//api/2.0/fo/scan/cloud/perimeter/job/api/2.0/fo/schedule/scan/ It’s now possible to launch a vulnerability scan, compliance scan for EC2 instances or cloud perimeter scan in three new regions: Stockholm, Hong Kong and Bahrain. You need to set the input parameter to the respective region and include it in the scan request.

Azure Key Vault Support for Palo Alto Network Firewall Authentication Records/api/2.0/fo/auth/palo_alto_firewall/?action=list/api/2.0/fo/auth/palo_alto_firewall/?action=create/api/2.0/fo/auth/palo_alto_firewall/?action=update With this release you can create and update authentication records for Palo Alto Network Firewall, using the Azure Key vault. Before creating the authentication record, you need to create the Azure Key vault record using Vaults API. See “Manage Vaults section in Chapter 6 – Vault Support” in the Qualys VM/PC API Guide for the list of parameters for creating Azure Key Vault record.

Network Element Added to Compliance Scan Result Output DTD

/api/2.0/fo/scan/compliance/?action=fetchWe updated the compliance_scan_result_output.dtd to include the Network element in Host Info. You will see this element in the API output when the Network Support feature is enabled.

New Support for ARCON PAM (Privilege Access Management) Vault

/api/2.0/fo/vault/index.php/ This new vault type can be used to retrieve authentication credentials from an ARCON PAM vault. We updated the authentication vault API (create, update, list, view) and the authentication record API (create, update, list) to support the new vault type.

New Database UDCs for Sybase/api/2.0/fo/compliance/posture/info/?action=list/api/2.0/fo/compliance/control/?action=list/api/2.0/fo/compliance/policy/?action=export/api/2.0/fo/subscription/option_profile/pc/ With this release you can create, update, list and export Option Profiles for Sybase Database UDCs. We’ve added new elements to the XML output and DTDs for Control List Output, Policy Export Output, Posture Info List Output, Option Profiles, and the ImportableControl.xsd schema.